wireshark 2.4.6 cannot decode ssl application data
I added private key, and the private key works fun because it lookup the right keyID.
ssl_association_remove removing UDP 6443 - handle 0x141e987b0
KeyID[20]:
| 2d c8 af 7b 07 5a fa b9 25 69 a6 1b 86 11 52 eb |-..{.Z..%i....R.|
| e3 36 8d d5 |.6.. |
Calculating hash with offset 68 1181
lookup(KeyID)[20]:
| 2d c8 af 7b 07 5a fa b9 25 69 a6 1b 86 11 52 eb |-..{.Z..%i....R.|
| e3 36 8d d5 |.6.. |
But wireshark still cannot decode application data, here is the related debug info
dissect_ssl enter frame #587 (first time)
packet_from_server: is from server - FALSE
conversation = 0x148de6370, ssl_session = 0x148de6de0
record: offset = 0, reported_length_remaining = 160
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 155, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 151 bytes, remaining 160
Calculating hash with offset 5 155
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #589 (first time)
packet_from_server: is from server - TRUE
conversation = 0x148de6370, ssl_session = 0x148de6de0
record: offset = 0, reported_length_remaining = 1669
ssl_try_set_version found version 0x0303 -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 58, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes, remaining 63
ssl_try_set_version found version 0x0303 -> state 0x11
Calculating hash with offset 5 58
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_set_cipher found CIPHER 0xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -> state 0x17
ssl_dissect_hnd_hello_ext_alpn: changing handle 0x0 to 0x141e98d30 (http2)ssl_load_keyfile dtls/ssl.keylog_file is not configured!
tls13_change_key TLS version 0x303 is not 1.3
tls13_change_key TLS version 0x303 is not 1.3
record: offset = 63, reported_length_remaining = 1606
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 1181, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 68 length 1177 bytes, remaining 1249
Calculating hash with offset 68 1181
lookup(KeyID)[20]:
| 2d c8 af 7b 07 5a fa b9 25 69 a6 1b 86 11 52 eb |-..{.Z..%i....R.|
| e3 36 8d d5 |.6.. |
ssl_find_private_key_by_pubkey: lookup result: 0x7fb883e5e000
record: offset = 1249, reported_length_remaining = 420
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 300, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 12 offset 1254 length 296 bytes, remaining 1554
Calculating hash with offset 1254 300
record: offset = 1554, reported_length_remaining = 115
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 101, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 13 offset 1559 length 97 bytes, remaining 1660
Calculating hash with offset 1559 101
record: offset = 1660, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 1665 length 0 bytes, remaining 1669
Calculating hash wit ...